The State of Security

RSA 2010: Suspicious patterns alone aren’t enough to tell you you’ve got a problem

by David Spark on March 2, 2010

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

In this video are Tim Zonca (@timzonca), Product Marketing Manager of Tripwire, and Dwayne Melancon (@ThatDwayne), Tripwire’s VP of Log Management. Melancon offered a great explanation of the value of change information synced with log events. He compared a traditional logging product to a traditional security system: it can tell you that somebody opened the door or broke a window. What it won’t tell you is what that thief did once he made it into your house.

Wouldn’t it be great if your security system could tell you that? It could tell you every step the thief took, every item he touched, and whether he actually removed something from your house. Or maybe he placed something in it so he could come back later. That’s exactly what a change log synced with an event log can tell you. It can give you greater insight into behavior on your network, connected with an actual event.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.